People seem to keep asking about this, despite there being a quality page on kernel.org on how to run an AP with any mac80211 driver. So for what it’s worth, here’s how my setup works. Note that if you are seeing flakiness with certain clients, e.g. it works fine with a computer but not with your cell phone, it is likely there is some bug with the power saving handling. I’m currently working on a few such issues, so it may be fixed soon enough.
To get started, you need the following:
- some sort of network uplink, like a wired ethernet port
- a kernel with AP mode support for ath5k (2.6.31+) and netfilter (for NAT)
- dnsmasq
- hostapd
You have two basic options for interfacing the wireless network with your wired network. One is by using a bridge directly to the wired network. Another is to use NAT so the wireless network is on its own subnet. The former is more typical of an embedded device, but I prefer the latter on my home LAN, so that’s what I’ll describe.
Turn off any wireless daemon (such as NetworkManager) while you experiment with hostapd to ensure that nothing else has the device open.
The hostapd.conf is large but self-explanatory. One can get away with a rather small config file if using the defaults. This example sets up an AP on wlan0 with the SSID “hostapd_ath5k”. It has a wlan-facing IP address 192.168.10.1, it’s on channel 11, supports 802.11g, and has the WPA pre-shared key “my_password”. I have also set up EAP; it works but requires making a lot of certs and such, so Google is your friend here.
hostapd.conf:

    interface=wlan0
    driver=nl80211
    ssid=hostapd_ath5k
    hw_mode=g
    channel=11
    auth_algs=3
    own_ip_addr=192.168.10.1
    wpa=1
    wpa_passphrase=my_password
    wpa_key_mgmt=WPA-PSK
    wpa_pairwise=CCMP

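A quick check of the WPA-related settings in a config like the one above, as an added example that is not part of the original post. The function names and the `MIN_PASS_LEN` threshold are assumptions made for this example; the sample input is constructed from the values shown above.

```sh
#!/bin/sh
# Added example, not from the original post: flag weak settings in a hostapd.conf.
# Absent keys are treated as 0/empty; hostapd's own defaults are not modelled.
MIN_PASS_LEN=16  # assumed policy threshold for this example, not a hostapd limit

# Value of the last "key=value" line for key $2 in file $1 (empty if absent).
conf_get() { sed -n "s/^$2=//p" "$1" | tail -n 1; }

# Prints one finding per line; returns 0 when clean, 1 when anything was flagged.
audit_hostapd_conf() {
    conf=$1; n=0
    wpa=$(conf_get "$conf" wpa); wpa=${wpa:-0}
    auth=$(conf_get "$conf" auth_algs); auth=${auth:-0}
    ciphers="$(conf_get "$conf" wpa_pairwise) $(conf_get "$conf" rsn_pairwise)"
    pass=$(conf_get "$conf" wpa_passphrase)

    # wpa is a bit field: bit 0 = WPA, bit 1 = WPA2 (RSN).
    if [ "$wpa" -eq 0 ]; then
        echo "FAIL wpa=$wpa: WPA is disabled"; n=$((n + 1))
    elif [ $((wpa & 1)) -ne 0 ]; then
        echo "WARN wpa=$wpa: original WPA accepted; wpa=2 allows WPA2 (RSN) only"; n=$((n + 1))
    fi
    # auth_algs bit 1 = shared-key authentication, which only WEP uses.
    if [ $((auth & 2)) -ne 0 ]; then
        echo "WARN auth_algs=$auth: shared-key bit set; auth_algs=1 is open system only"; n=$((n + 1))
    fi
    case "$ciphers" in
        *TKIP*) echo "WARN pairwise: TKIP allowed; list CCMP only"; n=$((n + 1)) ;;
    esac
    # A WPA-PSK passphrase is 8..63 characters; short ones are cheaper to guess offline.
    if [ -n "$pass" ] && [ "${#pass}" -lt "$MIN_PASS_LEN" ]; then
        echo "WARN wpa_passphrase: ${#pass} characters, below $MIN_PASS_LEN"; n=$((n + 1))
    fi
    [ "$n" -eq 0 ]
}

# Constructed sample: the WPA-related settings from the hostapd.conf above.
sample=$(mktemp)
cat > "$sample" <<'EOF'
auth_algs=3
wpa=1
wpa_passphrase=my_password
wpa_key_mgmt=WPA-PSK
wpa_pairwise=CCMP
EOF
audit_hostapd_conf "$sample" || true
rm -f "$sample"
```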
For DHCP and DNS forwarding, I use dnsmasq. This couldn’t be easier. Just put something like the following in /etc/dnsmasq.conf:
dhcp-range=192.168.10.50,192.168.10.150,12h
This will hand out addresses in the 192.168.10.X subnet. Then I use a small script to enable IP masquerading before launching hostapd (note, it will flush all iptables rules, which may not be what you want, so use with caution).
run.sh:

    #!/bin/sh
    DEV=wlan0
    GW_DEV=eth0

    # set IPs
    ifconfig "$DEV" down
    ifconfig "$DEV" up
    ifconfig "$DEV" 192.168.10.1

    # setup ip masq (the two -F lines flush all existing filter and nat rules)
    echo 1 > /proc/sys/net/ipv4/ip_forward
    iptables -F
    iptables -t nat -F
    iptables -A FORWARD -i "$DEV" -j ACCEPT
    iptables -A FORWARD -o "$DEV" -j ACCEPT
    iptables -t nat -A POSTROUTING -o "$GW_DEV" -j MASQUERADE

    # start the AP in the foreground
    ./hostapd hostapd.conf

Running the script will launch hostapd, and if all goes well, you’ll see it show up in scans from other computers.
If anything goes wrong, make sure:
- you’ve started dnsmasq
- you have a valid backhaul connection
- you aren’t using power save mode on the client (iwconfig wlan0 power off — see previous comment about PS bugs)
- you haven’t found a bug